Lucene search

[email protected]CVE-2007-0399

HistoryJan 22, 2007 - 6:28 p.m.

CVE-2007-0399

2007-01-2218:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0399

cross-site scripting

xss

smf 1.1 rc3

vulnerability

security

nvd

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

5.4 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.

Affected configurations

NVD

Node

simple_machinessimple_machines_forumMatch1.1_rc3

CPENameOperatorVersion
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1_rc3

CPE	Name	Operator	Version
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1_rc3

References

aria-security.com/forum/showthread.php?p=128

osvdb.org/32606

securityreason.com/securityalert/2169

www.securityfocus.com/archive/1/457508/100/0/threaded

www.securityfocus.com/archive/1/457627/100/0/threaded

www.securityfocus.com/archive/1/457761/100/200/threaded

www.securityfocus.com/archive/1/458194/100/100/threaded

www.securityfocus.com/archive/1/458904/100/0/threaded

www.securityfocus.com/bid/22143

exchange.xforce.ibmcloud.com/vulnerabilities/31612

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

5.4 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2007-0399

prion1 nvd1 cvelist1 securityvulns1